administrative settlement ever with Fortnite video game maker Epic games. Epic was fined more than half a billion dollars based on allegations of numerous privacy violations and unwanted charges. Alleged violations included COPPA violations, problematic default settings, dark patterns on site used by individuals under 18. On January 27, 2023 the FTC finalized its order with education technology provider Chegg, Inc. for its careless data security practices that exposed sensitive information about millions of Chegg customers and employees including social security numbers, email addresses, and passwords. The FTC order requires Chegg to enhance their data security practices, limit the personal data collected and stored, allowing for multi-factor authentication, and ability of users to access and delete their data. Credit Card Data and the Payment Card Industry Data Security Standards (“PCI-DSS”). In addition to the federal laws discussed above and certain state laws, [See Minn. Stat. § 325E.64] businesses handling credit card data are self-regulated through the Payment Card Industry (PCI) Security Standards Council. The Council has developed the comprehensive Payment Card Industry Data Security Standards (PCI-DSS) followed by merchants and “all entities that store, process or transmit cardholder data.” PCI-DSS requires the installation and maintenance of firewalls, system passwords, encryption of cardholder data across open or public networks, use of anti-virus software, employee access restrictions, physical access restrictions, development of a credit card specific security policy, and restricts the retention of cardholder data. These standards are mandatory for any businesses handling credit card data. Larger merchants may be required to pass regular external security assessments and be subject to frequent scans to assess technical vulnerabilities. Failure to comply with PCI-DSS can result in significant penalties in the event of a data breach.
16
Made with FlippingBook - Online Brochure Maker